[Security] Handshaker status return (#34864)

Address the first (easy) half of https://github.com/grpc/grpc/issues/32598 Closes #34864 COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/34864 from gtcooke94:HandshakerStatusReturn 8d33012b2d PiperOrigin-RevId: 607058614
12 months ago · b3b64dc715
parent b2b6af691e
commit b3b64dc715
2 changed files with 22 additions and 11 deletions
--- a/src/core/lib/security/transport/security_handshaker.cc
+++ b/src/core/lib/security/transport/security_handshaker.cc
@ -27,6 +27,7 @@
 #include <algorithm>
 #include <memory>
 #include <string>
+#include <utility>

 #include "absl/base/attributes.h"
 #include "absl/status/status.h"
@ -585,25 +586,25 @@ void SecurityHandshaker::DoHandshake(grpc_tcp_server_acceptor* /*acceptor*/,

 class FailHandshaker : public Handshaker {
 public:
+  explicit FailHandshaker(absl::Status status) : status_(std::move(status)) {}
  const char* name() const override { return "security_fail"; }
  void Shutdown(grpc_error_handle /*why*/) override {}
  void DoHandshake(grpc_tcp_server_acceptor* /*acceptor*/,
                   grpc_closure* on_handshake_done,
                   HandshakerArgs* args) override {
-    grpc_error_handle error =
-        GRPC_ERROR_CREATE("Failed to create security handshaker");
-    grpc_endpoint_shutdown(args->endpoint, error);
+    grpc_endpoint_shutdown(args->endpoint, status_);
    grpc_endpoint_destroy(args->endpoint);
    args->endpoint = nullptr;
    args->args = ChannelArgs();
    grpc_slice_buffer_destroy(args->read_buffer);
    gpr_free(args->read_buffer);
    args->read_buffer = nullptr;
-    ExecCtx::Run(DEBUG_LOCATION, on_handshake_done, error);
+    ExecCtx::Run(DEBUG_LOCATION, on_handshake_done, status_);
  }

 private:
  ~FailHandshaker() override = default;
+  absl::Status status_;
 };

 //
@ -652,14 +653,22 @@ class ServerSecurityHandshakerFactory : public HandshakerFactory {
 //

 RefCountedPtr<Handshaker> SecurityHandshakerCreate(
-    tsi_handshaker* handshaker, grpc_security_connector* connector,
-    const ChannelArgs& args) {
+    absl::StatusOr<tsi_handshaker*> handshaker,
+    grpc_security_connector* connector, const ChannelArgs& args) {
  // If no TSI handshaker was created, return a handshaker that always fails.
  // Otherwise, return a real security handshaker.
-  if (handshaker == nullptr) {
-    return MakeRefCounted<FailHandshaker>();
+  if (!handshaker.ok()) {
+    return MakeRefCounted<FailHandshaker>(
+        absl::Status(handshaker.status().code(),
+                     absl::StrCat("Failed to create security handshaker: ",
+                                  handshaker.status().message())));
+  } else if (*handshaker == nullptr) {
+    // TODO(gtcooke94) Once all TSI impls are updated to pass StatusOr<> instead
+    // of null, we should change this to use absl::InternalError().
+    return MakeRefCounted<FailHandshaker>(
+        absl::UnknownError("Failed to create security handshaker."));
  } else {
-    return MakeRefCounted<SecurityHandshaker>(handshaker, connector, args);
+    return MakeRefCounted<SecurityHandshaker>(*handshaker, connector, args);
  }
 }

--- a/src/core/lib/security/transport/security_handshaker.h
+++ b/src/core/lib/security/transport/security_handshaker.h
@ -21,6 +21,8 @@

 #include <grpc/support/port_platform.h>

+#include "absl/status/statusor.h"
+
 #include <grpc/grpc.h>

 #include "src/core/lib/channel/channel_args.h"
@ -34,8 +36,8 @@ namespace grpc_core {

 /// Creates a security handshaker using \a handshaker.
 RefCountedPtr<Handshaker> SecurityHandshakerCreate(
-    tsi_handshaker* handshaker, grpc_security_connector* connector,
-    const ChannelArgs& args);
+    absl::StatusOr<tsi_handshaker*> handshaker,
+    grpc_security_connector* connector, const ChannelArgs& args);

 /// Registers security handshaker factories.
 void SecurityRegisterHandshakerFactories(CoreConfiguration::Builder*);